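<?php #//AJAX PHP PENNY AUCTION v.1.1

#///////////////////////////////////////////////////////////
#//  COPYRIGHT 2009 Aaron Helmlinger ALL RIGHTS RESERVED  //
#///////////////////////////////////////////////////////////

include "./includes/config.inc.php";

include $include_path."countries.inc.php";
include $include_path."checkage.inc.php";
include $include_path."cc.inc.php";
include $include_path."banemails.inc.php";

# // Page chrome (tabs + category menu) is rendered before any registration work.
$tabid = 3;
include "tab_menu.php";
$subtabid = "logout";
include "tab_submenu.php";
include "category_menu.php";

# // NOTE(review): the mysql_* extension used throughout this file (and the
# // ereg* functions further down) were removed in PHP 7; this page only runs
# // on PHP 5.

# // Site-wide registration settings live in one row (id='1') of each settings
# // table. Each lookup is checked the same way the usersettings query below
# // is, so a failed or empty result aborts with MySQLError() instead of
# // handing `false` to mysql_result() and continuing with garbage values.

# // Table version_1_3: phone format, address labels, e-mail confirmation
# // switch and the number of free bids granted at sign-up.
$query_settings = "select * from PHPAUCTIONXL_version_1_3 where id='1'";
$query_settings2 = mysql_query($query_settings);
if (!$query_settings2 || mysql_num_rows($query_settings2) == 0) {
    MySQLError($query_settings);
    exit;
}
$phone_type2 = mysql_result($query_settings2,0,"phone_type");
$state_label2 = mysql_result($query_settings2,0,"state_label");
$postcode_label2 = mysql_result($query_settings2,0,"postcode_label");
$email_confirmation_activated2 = mysql_result($query_settings2,0,"email_confirmation_activated");
$free_sign_up_bids = mysql_result($query_settings2,0,"free_bids_at_sign_up");

# // Table version_2_0: how many accounts may share one password hash / IP
# // before a new registration is refused (used in the duplicate check below).
$query_settings = "select * from PHPAUCTIONXL_version_2_0 where id='1'";
$query_settings2 = mysql_query($query_settings);
if (!$query_settings2 || mysql_num_rows($query_settings2) == 0) {
    MySQLError($query_settings);
    exit;
}
$dup_accounts2 = mysql_result($query_settings2,0,"dup_accounts");

# // Table version_2_1: refer-a-friend bid pack mode.
$query_settings = "select * from PHPAUCTIONXL_version_2_1 where id='1'";
$query_settings2 = mysql_query($query_settings);
if (!$query_settings2 || mysql_num_rows($query_settings2) == 0) {
    MySQLError($query_settings);
    exit;
}
$rafbidpack = mysql_result($query_settings2,0,"rafbidpack");

# // An empty / NULL free-bids setting means "no free bids".
if (!$free_sign_up_bids) {
    $free_sign_up_bids = 0;
}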
 
  


#////////////////////////////////////////////////////////////////////////////
#// Enter the amount of bids you would like give a user for signing up below
#//$free_sign_up_bids = "5"; // replace the number between the ""
#////////////////////////////////////////////////////////////////////////////




# // Current server time shifted by the admin-configured hour offset.
# // $NOW and $NOWB carry the same YYYYMMDDHHMMSS stamp (both names are
# // referenced further down, so both are kept).
$hourShifted = date("H") + $SETTINGS['timecorrection'];
$TIME = mktime($hourShifted, date("i"), date("s"), date("m"), date("d"), date("Y"));
$NOWB = date("YmdHis", $TIME);
$NOW = $NOWB;
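// --
# // Remember which auction the visitor came from. The original code relied on
# // register_globals to populate $auction_id; read it explicitly from the
# // request so $_SESSION["CURRENT_ITEM"] is not silently set to intval(null) == 0
# // when the option is off.
if (!isset($_POST['auction_id']) && !isset($_GET['auction_id'])) {
    $auction_id = $_SESSION["CURRENT_ITEM"];
} else {
    $auction_id = isset($_POST['auction_id']) ? $_POST['auction_id'] : $_GET['auction_id'];
    $_SESSION["CURRENT_ITEM"]=intval($auction_id);
}
# // $action mirrors $_POST['action'] (it was also register_globals-dependent
# // before); "first" is the form-display / form-submit step used below.
if (empty($_POST['action'])) {
    $action = "first";
} else {
    $action = $_POST['action'];
}
#// Retrieve users signup settings
$query = "SELECT * FROM PHPAUCTIONXL_usersettings";
$res_s = @mysql_query($query);
if(!$res_s){
    MySQLError($query);
    exit;
}else{
    # // NOTE(review): unserialize() on a DB column. This is only safe while
    # // the column is written exclusively by the admin tools — confirm no
    # // user-facing path can write it, otherwise switch to a JSON encoding.
    $REQUESTED_FIELDS = unserialize(mysql_result($res_s,0,"requested_fields"));
    $MANDATORY_FIELDS = unserialize(mysql_result($res_s,0,"mandatory_fields"));
}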

if ($_POST['action'] == "first") {
# // Registration form handler (action=first). Order of work: apply a promo
# // code, validate the posted fields one at a time (the first failure wins and
# // is reported through $TPL_err / $TPL_errmsg), check nick and e-mail
# // uniqueness, then insert the user plus its IP, counter and language rows
# // and send the confirmation e-mail. The branches below read the globals
# // loaded above ($phone_type2, $email_confirmation_activated2,
# // $dup_accounts2, $rafbidpack, $free_sign_up_bids).

$TPL_promo = $_POST['TPL_promo'];
                   // echo $TPL_promo;
      if ( $TPL_promo ) {
                  # // SECURITY(review): raw POST value interpolated into SQL
                  # // with no escaping (nick / e-mail below at least go
                  # // through AddSlashes()) — SQL injection. Escape it
                  # // (mysql_real_escape_string) before building the query.
                  $query99 = "select * from PHPAUCTIONXL_promocode
         WHERE promocode='$TPL_promo'";
$result = mysql_query($query99);

            if ( $result ) {


$num_auction = mysql_num_rows($result);

            # // A known code adds its bid bonus to the sign-up bids.
            if ( $num_auction > 0 ) {

              $free_sign_up_bids_promo 	= mysql_result($result,0,"bids");
                $free_sign_up_bids = ($free_sign_up_bids + $free_sign_up_bids_promo);

}

        else {

               $TPL_err = 1;
        $TPL_errmsg = $REGISETER_PAGE_PROMOCODE_INVALID;

}
}






                         }

      # // The form may post the password under TPL_password_backup instead of
      # // TPL_password; fall back to it (same for the repeat field).
      $TPL_password = $_POST['TPL_password'];

           if (empty($TPL_password)) {

           $TPL_password = $_POST['TPL_password_backup'];

           }







                $TPL_repeat_password = $_POST['TPL_repeat_password'];

           if (empty($TPL_repeat_password)) {

           $TPL_repeat_password = $_POST['TPL_password_backup'];

           }




    # // Presence checks. Note these use empty(), so a field whose value is
    # // "0" is treated as missing. A validation failure here skips all of
    # // the format checks and the insert in the else-branch at the end.
    if (empty($_POST['accounttype']) && $SETTINGS['accounttype'] == 'sellerbuyer') {
        $TPL_err = 1;
        $TPL_errmsg = $MSG_25_0137;
    }


    elseif (empty($_POST['TPL_surname'])) {
        $TPL_err = 1;
        $TPL_errmsg = $REGISTER_ERROR1;
                    }

                    elseif (empty($_POST['TPL_first_name'])) {
        $TPL_err = 1;
        $TPL_errmsg = $REGISTER_ERROR2;
    }

         elseif (empty($_POST['TPL_last_name'])) {
        $TPL_err = 1;
        $TPL_errmsg = $REGISTER_ERROR3;
    }

     elseif (empty($_POST['TPL_nick'])) {
        $TPL_err = 1;
        $TPL_errmsg = $ERR_5030;


    } elseif (empty($TPL_password)) {
        $TPL_err = 1;
        $TPL_errmsg = $ERR_5031;


    } elseif (empty($TPL_repeat_password)) {
        $TPL_err = 1;
        $TPL_errmsg = $ERR_5032;
    } elseif (empty($_POST['TPL_email'])) {
        $TPL_err = 1;
        $TPL_errmsg = $ERR_5033;
    } elseif (empty($_POST['TPL_address'])) {
        $TPL_err = 1;
        $TPL_errmsg = $ERR_5034;
    }



    elseif (empty($_POST['TPL_city'])) {
        $TPL_err = 1;
        $TPL_errmsg = $ERR_5035;
    } elseif (empty($_POST['TPL_prov'])) {
        $TPL_err = 1;
        $TPL_errmsg = $ERR_5036;
    } elseif (empty($_POST['TPL_country'])) {
        $TPL_err = 1;
        $TPL_errmsg = $ERR_5037;
    } elseif (empty($_POST['TPL_zip'])) {
        $TPL_err = 1;
        $TPL_errmsg = $ERR_5038;
    }

          elseif (empty($_POST['TPL_birthday'])) {
        $TPL_err = 1;
        $TPL_errmsg = $REGISTER_ERROR4;
    }
             elseif (empty($_POST['TPL_birthmonth'])) {
        $TPL_err = 1;
        $TPL_errmsg = $REGISTER_ERROR5;
    }
            elseif (empty($_POST['TPL_birthyear'])) {
        $TPL_err = 1;
     $TPL_errmsg = $REGISTER_ERROR6;
    }

 # // All three phone parts are required even when $phone_type2 is not
 # // 'usa', although only TPL_phone1 is stored in that case (see below).
 elseif  (empty($_POST['TPL_phone1'])) {
        $TPL_err = 1;
        $TPL_errmsg = $REGISTER_ERROR7;
     }
      elseif  (empty($_POST['TPL_phone2'])) {
        $TPL_err = 1;
      $TPL_errmsg = $REGISTER_ERROR8;
     }
       elseif  (empty($_POST['TPL_phone3'])) {
        $TPL_err = 1;
      $TPL_errmsg = "$REGISTER_ERROR9";
     }


      else {

           # // USA layout: phone stored as part1-part2-part3; otherwise only
           # // the first part is kept.
           if ( $phone_type2 == 'usa' ){
        $TPL_phone = $_POST['TPL_phone1'];
         $TPL_phone .= "-";
         $TPL_phone .= $_POST['TPL_phone2'];
         $TPL_phone .= "-";
         $TPL_phone .= $_POST['TPL_phone3'];
          }

               if ( $phone_type2 != 'usa' ){
        $TPL_phone = $_POST['TPL_phone1'];
                 }


           # // $TPL_birthdate is ALWAYS assembled as month/day/year here ...
           $TPL_birthdate = $_POST['TPL_birthmonth'];
    $TPL_birthdate .= "/";
     $TPL_birthdate .= $_POST['TPL_birthday'];
    $TPL_birthdate .= "/";
          $TPL_birthdate .= $_POST['TPL_birthyear'];

        // -- Explode birthdate into DAY MONTH YEAR
        if(!empty($TPL_birthdate)){
            $DATE = explode("/", $TPL_birthdate);


            # // ... but the non-'usa' branch reads index 0 as the day and
            # // index 1 as the month. BUG(review): for non-USA sites day and
            # // month are swapped in the stored $DATE and in CheckAge().
            if ( $phone_type2 == 'usa' ){
                $birth_day = $DATE[1];
                $birth_month = $DATE[0];
                $birth_year = $DATE[2];
            } else {
                $birth_day = $DATE[0];
                $birth_month = $DATE[1];
                $birth_year = $DATE[2];
            }
            $DATE = "$birth_year$birth_month$birth_day";
        }else{
            $DATE = 0;
        }






        # // Format checks. ValidateCC() returns "" on success or the NAME of
        # // the error-message variable, which $$VALIDCARD dereferences.
        # // The card checks only apply when card capture is on and the page
        # // is served over HTTPS. ($_POST[TPL_cc] is an unquoted index: a
        # // notice on PHP 5, a fatal on PHP 8.)
        # // NOTE(review): ereg()/eregi()/eregi_replace() were removed in PHP 7.
        $VALIDCARD = ValidateCC($_POST[TPL_cc]);
        if ($VALIDCARD != "" && $SETTINGS['userscreditcard'] == 'y' && $Https['https'] == 'yes') {
            $TPL_err = 1;
            $TPL_errmsg = $$VALIDCARD;
        } elseif ((!ereg("^[0-9]{2}$", $_POST['TPL_exp_month']) || !ereg("^[0-9]{2}$", $_POST['TPL_exp_year'])) && $SETTINGS['userscreditcard'] == 'y' && $Https['https'] == 'yes') {
            $TPL_err = 1;
            $TPL_errmsg = $ERR_5012;
        } elseif (empty($_POST['TPL_card_owner']) && $SETTINGS['userscreditcard'] == 'y' && $Https['https'] == 'yes') {
            $TPL_err = 1;
            $TPL_errmsg = $ERR_5013;
        } elseif (empty($_POST['TPL_card_zip']) && $SETTINGS['userscreditcard'] == 'y' && $Https['https'] == 'yes') {
            $TPL_err = 1;
            $TPL_errmsg = $ERR_5015;
        # // strlen() counts bytes, so a 2-character multibyte nick passes.
        } elseif (strlen($_POST['TPL_nick']) < 6) {
            $TPL_err = 1;
            $TPL_errmsg = $ERR_107;
        } else if (strlen ($TPL_password) < 6) {
            $TPL_err = 1;
            $TPL_errmsg = $ERR_108;
        } else if ($TPL_password != $TPL_repeat_password) {
            $TPL_err = 1;
            $TPL_errmsg = $ERR_109;
        } else if (strlen($_POST['TPL_email']) < 5) { // Primitive mail check
        $TPL_err = 1;
        $TPL_errmsg = $ERR_110;
        } else if (!ereg("^[0-9]{2}/[0-9]{2}/[0-9]{4}$", $TPL_birthdate)  && $MANDATORY_FIELDS['birthdate']=='y') { // Birthdate check
        $TPL_err = 1;
        $TPL_errmsg = $ERR_043;
        # // The e-mail pattern admits only [_a-z0-9.-] and '@', which is what
        # // keeps the unescaped e-mail interpolations further down from being
        # // injectable; keep that in mind if the pattern is ever relaxed.
        } elseif (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+([\.][a-z0-9-]+)+$", $_POST['TPL_email'])) {
            $TPL_err = 1;
            $TPL_errmsg = $ERR_008;
        } else if (!CheckAge($birth_day, $birth_month, $birth_year) && $MANDATORY_FIELDS['birthdate']=='y') {
            $TPL_err = 1;
            $TPL_errmsg = $ERR_113;
        }elseif(BannedEmail($_POST['TPL_email'],$BANNEDDOMAINS)){
            $TPL_err = 1;
            $TPL_errmsg = $MSG_30_0054;
        } else {
            # // Uniqueness checks. AddSlashes() is used as the SQL escape here;
            # // mysql_real_escape_string() is the connection-aware equivalent
            # // and is safer with multibyte connection charsets.
            $sql = "SELECT nick FROM PHPAUCTIONXL_users WHERE nick=\"" . AddSlashes ($_POST['TPL_nick']) . "\"";
            $res = mysql_query ($sql);
            if (mysql_num_rows($res) == 0) {
                # // $id is a throw-away token: the hidden id is overwritten
                # // with mysql_insert_id() after the INSERT below.
                $id = md5(uniqid(rand()));
                $id = eregi_replace("[a-f]", "", $id);

                $TPL_id_hidden = $id;
                $TPL_nick_hidden = $_POST['TPL_nick'];


                $TPL_password_hidden = $TPL_password;



                          $TPL_name_hidden = $_POST['TPL_surname'];
            $TPL_name_hidden .= " ";
                $TPL_name_hidden .= $_POST['TPL_first_name'];
                $TPL_name_hidden .= " ";
                $TPL_name_hidden .= $_POST['TPL_last_name'];

                $TPL_email_hidden = $_POST['TPL_email'];
            } else {
                $TPL_err = 1;
                $TPL_errmsg = $ERR_111; // Selected user already exists
            }
            # // The e-mail check runs even after a nick collision and
            # // re-assigns the same *_hidden variables; its error (if any)
            # // replaces the nick error message.
            $sql = "SELECT email FROM PHPAUCTIONXL_users WHERE email=\"" . AddSlashes ($_POST['TPL_email']) . "\"";
            $res = mysql_query ($sql);
            if (mysql_num_rows($res) == 0) {
                $id = md5(uniqid(rand()));
                // $id = eregi_replace("[a-f]","",$id);
                $TPL_id_hidden = $id;
                $TPL_nick_hidden = $_POST['TPL_nick'];
                $TPL_password_hidden = $TPL_password;
                $TPL_name_hidden = $_POST['TPL_surname'];
                $TPL_name_hidden .= " ";
                $TPL_name_hidden .= $_POST['TPL_first_name'];
                $TPL_name_hidden .= " ";
                $TPL_name_hidden .= $_POST['TPL_last_name'];
                $TPL_email_hidden = $_POST['TPL_email'];
            } else {
                $TPL_err = 1;
                $TPL_errmsg = $ERR_115; // E-mail already used
            }

            # // $TPL_err is only initialised at the very bottom of this file,
            # // so on an error-free pass this compares null == 0 (true).
            if ($TPL_err == 0) {
                $TODAY = $NOWB;
                # // #################################################################
                # // Users suspended field
                # // VALUES:
                # //        9 - sign up fee due
                # //         8 - no fee due, waiting for user's confirmation
                # //            1 - suspended by the administrator via admin utility
                # //
                # // NOTE(review): the legend above does not match the values
                # // this file actually writes (0 or 8 here, 10 further down).

               if( $email_confirmation_activated2 == 1 )

               {
                $SUSPENDED = 8;
               }
                 if( $email_confirmation_activated2 != 1 )

               {
                $SUSPENDED = 0;

                }
                if (!empty($_POST[TPL_cc])) {
                    $CC = $_POST[TPL_cc];
                } else {
                    $CC = '';
                }
                if($SETTINGS['accounttype'] == 'sellerbuyer') {
                    $selected_accounttype = $_POST['accounttype'];
                } else {
                    $selected_accounttype = 'unique';
                }


                  $address = $_POST['TPL_address'];
                  $address .= " ";
                   $address .= $_POST['TPL_address2'];





                   # // Duplicate-account heuristic #1: count existing accounts
                   # // whose stored hash equals this password's hash. The hash
                   # // is md5($MD5_PREFIX . password), a site-wide prefix rather
                   # // than a per-user salt, which is what makes this lookup
                   # // possible at all; password_hash()/password_verify() would
                   # // both fix the weak hashing and remove this comparison.
                   # // $passwordcheck is hex, so interpolating it is safe.
                   $passwordcheck = md5($MD5_PREFIX . Addslashes ($TPL_password_hidden));

$query23 = "select password from PHPAUCTIONXL_users WHERE password='$passwordcheck'";
$result23 = mysql_query($query23);

        //echo  $result23;


           # // $insertuser: 0 = go ahead, 1 = too many accounts share this
           # // password hash, 2 = too many accounts from this IP.
           $insertuser = 0;

        if ( $result23 ) {

        $num_auction23 = mysql_num_rows($result23);

       if ( $num_auction23 > $dup_accounts2 ) {

       $insertuser = 1;

       }

        }

                   # // Duplicate-account heuristic #2: registrations already
                   # // recorded from this client address.
                   $ipcheck = $_SERVER["REMOTE_ADDR"];



$query233 = "select ip from PHPAUCTIONXL_usersips WHERE ip='$ipcheck'";
$result233 = mysql_query($query233);

              if( $result233 ) {

                $num_auction233 = mysql_num_rows($result233);

       if ( $num_auction233 > $dup_accounts2 ) {

       $insertuser = 2;

       }

        }
            //echo $insertuser;
           # // BUG(review): when $insertuser != 0 nothing is inserted but
           # // $TPL_err stays 0, so the bottom of the file still shows the
           # // "registered" page / index with no error message.
           if ( $insertuser == 0 ) {

                  $avatar =  $_POST['TPL_avatar'];
                # // SECURITY(review): TPL_exp_month / TPL_exp_year /
                # // TPL_card_owner / TPL_card_zip, $CC and $avatar are
                # // interpolated into this INSERT unescaped (the other columns
                # // go through AddSlashes()). The expiry fields are only
                # // format-checked when card capture + HTTPS are on, so this
                # // is SQL injection in the default configuration.
                # // MySQL ENCODE() is a weak cipher (deprecated in 5.7,
                # // removed in 8.0) keyed with the same $MD5_PREFIX.
                $sql = "INSERT INTO PHPAUCTIONXL_users (id,
                        nick, password, name, address, city, prov,
                        country, zip, phone, nletter,email, reg_date,
                        rate_sum,  rate_num, birthdate,suspended,
                        creditcard,exp_month,exp_year,card_owner,card_zip,accounttype,bids_remaining,facebook_id,daily_wins,weekly_wins,monthly_wins,avatar_img)
                          VALUES (NULL, \"" . Addslashes ($TPL_nick_hidden) . "\", \""
                      . md5($MD5_PREFIX . Addslashes ($TPL_password_hidden)) . "\", \""
                      . Addslashes ($TPL_name_hidden) . "\", \""
                        . AddSlashes ($address) . "\", \""
                        . AddSlashes ($_POST['TPL_city']) . "\", \""
                        . AddSlashes ($_POST['TPL_prov']) . "\", \""
                        . AddSlashes ($_POST['TPL_country']) . "\", \""
                        . AddSlashes ($_POST['TPL_zip']) . "\", \""
                        . AddSlashes ($TPL_phone) . "\", \""
                        . AddSlashes ($_POST['TPL_nletter']) . "\", \""
                        . AddSlashes ($_POST['TPL_email']) . "\",
                      '$TODAY',
                      0,
                      0,
                      '$DATE',
                      '$SUSPENDED',
                      ENCODE(\"$CC\",\"$MD5_PREFIX\"),
                        '$_POST[TPL_exp_month]','$_POST[TPL_exp_year]','$_POST[TPL_card_owner]','$_POST[TPL_card_zip]','$selected_accounttype', '$free_sign_up_bids', 0, 0, 0, 0, '$avatar')";
                $res = mysql_query ($sql);
                if ($res == 0) {
                    $TPL_err = 1;
                    # // Raw mysql_error() text is shown to the user here.
                    $TPL_errmsg = mysql_error (); //"Error updating users data";
                } else {
                    $TPL_id_hidden=mysql_insert_id();
                    # // ===========================================================
                    # // Added by Gian for IP banning
                    # // Store user IP address in the database
                    # // ===========================================================
                    $query = "INSERT INTO PHPAUCTIONXL_usersips VALUES(
                              NULL,
                              ".intval($TPL_id_hidden).",
                              '".$_SERVER["REMOTE_ADDR"]."',
                              'first','accept')";
                    $res___ = @mysql_query($query);
                    if (!$res___) {
                        MySQLError($query);
                        exit;
                    }
                    # // ===========================================================
                    /**
                    * Update column users in table PHPAUCTIONXL_counters
                    */
                    $query = "UPDATE PHPAUCTIONXL_counters SET inactiveusers=inactiveusers+1";
                    $counteruser = mysql_query($query);
                    if (!$counteruser) {
                        MySQLError($query);
                        exit;
                    }
                    # // ===========================================================
                    /**
                    * Set up the language of this user in table PHPAUCTIONXL_userslanguage
                    */

                    # // SECURITY(review): $language comes straight from the
                    # // USERLANGUAGE cookie and is interpolated into the
                    # // INSERT below unescaped — SQL injection via a cookie.
                    # // Validate it against the configured language list.
                                 if(isset($_COOKIE['USERLANGUAGE'])) {
  $language = $_COOKIE['USERLANGUAGE'];
} else {
  $language = $SETTINGS['defaultlanguage'];
}

                    $_SESSION['language'] = $language;
                    $userlanguage = mysql_query("INSERT INTO PHPAUCTIONXL_userslanguage VALUES(
                                         '".$TPL_id_hidden."',
                                         '$language')");
                    if (!$userlanguage) {
                        # // Reports the previous (counters) $query, not the
                        # // language INSERT that actually failed.
                        MySQLError($query);
                        exit;
                    }

              if( $email_confirmation_activated2 == 1 )

               {

                    # // Send confirmation e-mail message depending on the peyment settings
                    #// and the signup confirmation settings
                if ($SETTINGS['signupfee'] != 1) {
                        if(($SETTINGS['usignupconfirmation'] == 'y' && $SETTINGS['accounttype'] == 'unique') ||
                           (($SETTINGS['sbsignupconfirmation'] == 's' || $SETTINGS['sbsignupconfirmation'] == 'sb') && $_POST['accounttype'] == 'seller') ||
                           (($SETTINGS['sbsignupconfirmation'] == 'b' || $SETTINGS['sbsignupconfirmation'] == 'sb') && $_POST['accounttype'] == 'buyer')) {
                            #Suspend user
                            # // suspended=10 here: admin approval pending.
                            $query = "UPDATE PHPAUCTIONXL_users SET suspended=10,reg_date=reg_date
                                      WHERE id=$TPL_id_hidden";
                            $RES__ = @mysql_query($query);
                            if (!$RES__) {
                                MySQLError($query);
                                exit;
                            } else {
                                # Send e-mail to the user and the admin
                                include $include_path."user_confirmation_needapproval.inc.php";
                            }
                        }else{
                            include $include_path."user_confirmation.inc.php";
                        }
                    }     }



                }



              # // Refer-a-friend payout (only when the bid-pack mode is off):
              # // if this e-mail was referred, credit the referrer with the
              # // stored bid bonus. $friend_email1 is interpolated raw; it is
              # // only safe because of the e-mail regex above.
              if ( $rafbidpack == 0 ) {

       $friend_email1 = $_POST['TPL_email'];


$query99 = "select * from PHPAUCTIONXL_refer_a_friend
         WHERE friend_email='$friend_email1'";
$result99 = mysql_query($query99);
$num_auction99 = mysql_num_rows($result99);

if ( $num_auction99 > 0 ) {




# // Same SELECT as above re-run just to fetch the row.
$query565 = mysql_fetch_array(mysql_query("SELECT * FROM PHPAUCTIONXL_refer_a_friend WHERE friend_email='$friend_email1'"));

     	$bids1 = $query565['bids'];
        $referer_id1 = $query565['referer_id'];


$query2323 = mysql_fetch_array(mysql_query("SELECT bids_remaining FROM PHPAUCTIONXL_users WHERE id='$referer_id1'"));

    $bids2 = $query2323['bids_remaining'];


        $bids3 = $bids1 + $bids2;


     # // Read-modify-write of bids_remaining; not atomic, and the result of
     # // the UPDATE is not checked.
     mysql_query("UPDATE PHPAUCTIONXL_users SET bids_remaining=$bids3 WHERE id=$referer_id1");

                  // echo $num_auction99;

                              }

                    }








































































                }

            } // if($TPL_err == 0)
        }
    }
}


# // Show the registration form on a fresh visit (nothing posted yet), or
# // again after a validation error. The country <select> is pre-built here
# // with the posted country selected, falling back to the configured default
# // only while no error state exists.
if (($action == "first" && count($_POST) == 0) || ($_POST['action'] == "first" && $TPL_err)) {
    $country = "";
    foreach ($countries as $key=>$name) {
        $isSelected = ($name == $_POST['TPL_country'])
            || ($SETTINGS['defaultcountry'] == $name && !isset($TPL_err));
        $country .= "<option value=\"$name\"" . ($isSelected ? " selected" : "") . ">$name</option>\n";
    }
    include "header.php";
    include phpa_include("template_register_php.html");
    include "footer.php";
}

# // Successful submission: either drop straight into the site, or show the
# // "check your e-mail" page when confirmation is switched on. The two checks
# // are kept separate (not if/else) because the first include runs before the
# // second test.
if ($_POST['action'] == "first" && !$TPL_err) {
    if ($email_confirmation_activated2 != 1) {
        include phpa_include("../../index.php");
    }
    if ($email_confirmation_activated2 == 1) {
        include "header.php";
        include phpa_include("template_registered_php.html");
        include "footer.php";
    }
}

# // Error state is only reset here, at the very end of the page.
$TPL_err = 0;
$TPL_errmsg = "";
?>